Vulnerability in Asterisk
CVE-2026-23740
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (f…
EPSS: 0.001 (1.6th percentile)
Affected products
- Asterisk — versions < 23.2.2, < 22.8.2, < 21.12.1
- Sangoma Asterisk
- Sangoma Certified_asterisk — versions 13.13.0, 16.8, 16.8.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)